Linux iad1-shared-b7-18 6.6.49-grsec-jammy+ #10 SMP Thu Sep 12 23:23:08 UTC 2024 x86_64
Apache
: 67.205.6.31 | : 216.73.216.47
Cant Read [ /etc/named.conf ]
8.2.29
fernandoquevedo
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
usr /
share /
doc /
mutt /
html /
[ HOME SHELL ]
Name
Size
Permission
Action
advancedusage.html
112.71
KB
-rw-r--r--
configuration.html
137.4
KB
-rw-r--r--
gettingstarted.html
90.03
KB
-rw-r--r--
index.html
33.53
KB
-rw-r--r--
intro.html
10.92
KB
-rw-r--r--
manual.html
894.41
KB
-rw-r--r--
mimesupport.html
53.8
KB
-rw-r--r--
miscellany.html
10.79
KB
-rw-r--r--
optionalfeatures.html
77.78
KB
-rw-r--r--
reference.html
405.42
KB
-rw-r--r--
security.html
8.2
KB
-rw-r--r--
tuning.html
8.49
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : security.html
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. Security Considerations</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="home" href="index.html" title="The Mutt E-Mail Client" /><link rel="up" href="index.html" title="The Mutt E-Mail Client" /><link rel="prev" href="optionalfeatures.html" title="Chapter 6. Optional Features" /><link rel="next" href="tuning.html" title="Chapter 8. Performance Tuning" /><style xmlns="" type="text/css"> body { margin-left:2%; margin-right:2%; font-family:serif; } .toc, .list-of-tables, .list-of-examples { font-family:sans-serif; } h1, h2, h3, h4, h5, h6 { font-family:sans-serif; } p { text-align:justify; } div.table p.title, div.example p.title { font-size:smaller; font-family:sans-serif; } .email, .email a { font-family:monospace; } div.table-contents table, div.informaltable table { border-collapse:collapse; border:1px solid #c0c0c0; } div.table-contents table td, div.informaltable td, div.table-contents table th, div.informaltable table th { padding:5px; text-align:left; } div.table-contents table th, div.informaltable table th { font-family:sans-serif; background:#d0d0d0; font-weight:normal; vertical-align:top; } div.cmdsynopsis { border-left:1px solid #707070; padding-left:5px; } li div.cmdsynopsis { border-left:none; padding-left:0px; } pre.screen, div.note { background:#f0f0f0; border:1px solid #c0c0c0; padding:5px; margin-left:2%; margin-right:2%; } div.example p.title { margin-left:2%; } div.note h3 { font-size:small; font-style:italic; font-variant: small-caps; } div.note h3:after { content: ":" } div.note { margin-bottom: 5px; } .command { font-family: monospace; font-weight: normal; } .command strong { font-weight: normal; } tr { vertical-align: top; } .comment { color:#707070; } </style></head><body><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 7. Security Considerations</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="optionalfeatures.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="tuning.html">Next</a></td></tr></table><hr /></div><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a id="security"></a>Chapter 7. Security Considerations</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="sect1"><a href="security.html#security-passwords">1. Passwords</a></span></dt><dt><span class="sect1"><a href="security.html#security-tempfiles">2. Temporary Files</a></span></dt><dt><span class="sect1"><a href="security.html#security-leaks">3. Information Leaks</a></span></dt><dd><dl><dt><span class="sect2"><a href="security.html#security-leaks-mailto">3.1. <code class="literal">mailto:</code>-style Links</a></span></dt></dl></dd><dt><span class="sect1"><a href="security.html#security-external">4. External Applications</a></span></dt></dl></div><p> First of all, Mutt contains no security holes included by intention but may contain unknown security holes. As a consequence, please run Mutt only with as few permissions as possible. Especially, do not run Mutt as the super user. </p><p> When configuring Mutt, there're some points to note about secure setups so please read this chapter carefully. </p><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="security-passwords"></a>1. Passwords</h2></div></div></div><p> Although Mutt can be told the various passwords for accounts, please never store passwords in configuration files. Besides the fact that the system's operator can always read them, you could forget to mask it out when reporting a bug or asking for help via a mailing list. Even worse, your mail including your password could be archived by internet search engines, mail-to-news gateways etc. It may already be too late before you notice your mistake. </p></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="security-tempfiles"></a>2. Temporary Files</h2></div></div></div><p> Mutt uses many temporary files for viewing messages, verifying digital signatures, etc. As long as being used, these files are visible by other users and maybe even readable in case of misconfiguration. Also, a different location for these files may be desired which can be changed via the <a class="link" href="reference.html#tmpdir" title="3.390. tmpdir">$tmpdir</a> variable. </p></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="security-leaks"></a>3. Information Leaks</h2></div></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a id="security-leaks-mailto"></a>3.1. <code class="literal">mailto:</code>-style Links</h3></div></div></div><p> As Mutt be can be set up to be the mail client to handle <code class="literal">mailto:</code> style links in websites, there're security considerations, too. Arbitrary header fields can be embedded in these links which could override existing header fields or attach arbitrary files using <a class="link" href="gettingstarted.html#attach-header" title="6.2.2. Attach: Pseudo Header">the Attach: pseudoheader</a>. This may be problematic if the <a class="link" href="reference.html#edit-headers" title="3.82. edit_headers">$edit-headers</a> variable is <span class="emphasis"><em>unset</em></span>, i.e. the user doesn't want to see header fields while editing the message and doesn't pay enough attention to the compose menu's listing of attachments. </p><p> For example, following a link like </p><pre class="screen"> mailto:joe@host?Attach=~/.gnupg/secring.gpg</pre><p> will send out the user's private gnupg keyring to <code class="literal">joe@host</code> if the user doesn't follow the information on screen carefully enough. </p><p> To prevent these issues, Mutt by default only accepts the <code class="literal">Subject</code>, <code class="literal">Body</code>, <code class="literal">Cc</code>, <code class="literal">In-Reply-To</code>, and <code class="literal">References</code> headers. Allowed headers can be adjusted with the <a class="link" href="configuration.html#mailto-allow" title="33. Control allowed header fields in a mailto: URL"><span class="command"><strong>mailto_allow</strong></span></a> and <a class="link" href="configuration.html#mailto-allow" title="33. Control allowed header fields in a mailto: URL"><span class="command"><strong>unmailto_allow</strong></span></a> commands. </p></div></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="security-external"></a>4. External Applications</h2></div></div></div><p> Mutt in many places has to rely on external applications or for convenience supports mechanisms involving external applications. </p><p> One of these is the <code class="literal">mailcap</code> mechanism as defined by RfC1524. Details about a secure use of the mailcap mechanisms is given in <a class="xref" href="mimesupport.html#secure-mailcap" title="3.2. Secure Use of Mailcap">Section 3.2, “Secure Use of Mailcap”</a>. </p><p> Besides the mailcap mechanism, Mutt uses a number of other external utilities for operation, for example to provide crypto support, in backtick expansion in configuration files or format string filters. The same security considerations apply for these as for tools involved via mailcap. </p></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="optionalfeatures.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="tuning.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 6. Optional Features </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 8. Performance Tuning</td></tr></table></div></body></html>
Close
